Don't get your sources in Syria killed

Because foreign journalists have been virtually banned from
Syria during the uprising against Bashar al-Assad's regime, news coverage has relied
heavily on citizen journalists and international reporters working with sources
inside the country. Syrians who communicate with foreign news media run the
risk of being threatened, detained, tortured, or even killed.

This month, a Syrian court sentenced
citizen journalist Mohammed Abdel Mawla al-Hariri to
death for the crime of "high treason and contacts with foreign parties." He was
arrested in April immediately after giving an interview with Al-Jazeera about conditions
in his hometown of Daraa, in the southern part of the country. According to a
report by the Skeyes Center for Media and
Cultural Freedom, al-Hariri was tortured after
his arrest. In the wake of the verdict and sentencing, he was transferred to Saidnaya
military prison north of Damascus.

Al-Hariri is not alone. Press
freedom groups such as CPJ and Reporters Without Borders have documented the
detention of dozens of journalists; Syrian reporters, bloggers, and activists are regularly
followed, arrested, and tortured.

Ordinary
citizens who come into contact with international journalists are also
targeted. Last fall, British journalist and filmmaker Sean McAllister met with
a 25-year-old dissident and computer expert in Damascus who goes by the
pseudonym "Kardokh." Columbia
Journalism Review
reports that Kardokh had agreed to be interviewed on camera, with the
understanding that McAllister would blur his face before publishing the
footage. But in October 2011, Syrian security agents arrested McAllister, seizing
his laptop, cell phone, camera, and the footage for his documentary--including
images and contact information that could be used to identify the activists he
interviewed. When Kardokh heard that McAllister had been arrested, he
immediately packed his bags and fled to Lebanon. Kardokh reports that several
of the activists he had put in touch with McAllister had been arrested and at
least one had disappeared. Channel 4, McAllister's news outlet, told CJR that the journalist had taken steps
to protect his material but Syria proved unusually difficult.

The al-Assad
regime's surveillance of telecommunications--cell phones, text messages, email,
and Internet traffic--is remarkably extensive. Using equipment built in the West by companies such as
BlueCoat, the Syrian government censors the Internet, blocks websites, and
snoops on traffic using Deep Packet Inspection (DPI). As if that was not
enough, the Syrian government has sought to expand its surveillance
capabilities. Late last year, Bloomberg News reported that the Italian
company Area SpA was seeking to pull out of a contract to build an Internet
surveillance system in Syria that would give the government the power to "intercept,
scan, and catalog virtually every email that flows through the country." The
report went on to say that all work on the system had been suspended, but the
scope of the project gives a glimpse into the regime's Orwellian vision.

In
addition to its surveillance apparatus, the Syrian government may also benefit
from intelligence gathered by pro-Syrian government hackers, who package malware that can capture webcam
activity, disable the notification setting for certain antivirus programs,
record key strokes, and steal passwords. The malware is specifically targeted
at Syrian activists, including journalists and their sources, and spread
through websites offering fake software downloads, fake PDFs purporting to
relate to the formation of a new government after the revolution, links sent
through email, Skype, and Facebook messages, and links left in the comment
section of Facebook pages and YouTube videos that support the uprising.

In
light of this exceptionally tricky landscape, here are some suggested best
practices for international journalists communicating with sources and
journalists inside of Syria.

Check for malware on your
computer and have your sources check for malware on theirs. All of the security
precautions in the world are useless if the Syrian government has keylogger
files full of your passwords and full access to your most sensitive
communications. This blog post describes how to detect and
remove DarkComet RAT, the most common Trojan installed by pro-Syrian government
malware, which is not detectable by most antivirus scans.

Beware of fake websites,
strange downloads, and suspicious links. Pro-Syrian government hackers have used fake Facebook and
YouTube websites to covertly install malware and gather login credentials.
Always check the URL bar at the top of your browser when you are entering your
login credentials to make sure you are not visiting a fake website. Be cautious
about downloading documents or software over the Internet, even if it is
purportedly coming from a friend.

Beware of phones. Do not communicate over
landlines or cell phones. Do not send text messages. If your source is
concerned about giving away their location, they should refrain from using satellite
phones as
well.

Always use encryption. Do not use Skype. Skype
purports to provide encrypted video chat, but a number of security weaknesses
make it inadvisable for use when lives are at stake. If you are using a Web-based
mail client, make sure that you are connecting using https--it helps to install
the HTTPS Everywhere browser extension. Use PGP encryption for email. Use Adium and OTR
(Off the Record) for encrypted messaging.

Syrian sources may be tempted to engage in insufficient
security practices if they do not fully understand the regime's surveillance
capabilities. It's incumbent on journalists to insist on secure communications
when dealing with this exceptionally high-risk population. It's important to
get the story out, but it's even more important to keep your sources safe.

Eva Galperin is international freedom of expression coordinator for the Electronic Frontier Foundation.

Comments

Some suggestions: Consider using Linux rather than Windows. It's free to download and use. You can put it on a USB stick and do your web browsing from there. Ubuntu Linux is a popular choice. You have very little chance of being affected by viruses if you use it. You can try Google Hangouts instead of Skype for video conferencing, it is fully encrypted. Use Firefox with the NoScript addon and use the Tor browser bundle for anonymity.

What is a "virtual" ban ?
Try as I might, I can not find any evidence to support the claim in your report of any ban, "virtual" or not, on journalists to Syria. I did however find reports of Syria lifting a ban on journalists in September 2011. I also found references to visa's issued to hundreds of journalists by the regime in the reports prepared by UN monitors. You make a mockery of journalism